computersecuritynews

Office Personnel Managment hack now suspected also of stealing fingerprint data. http://www.nationaljournal.com/tech/2015/07/14/How-Much-Damage-Can-OPM-Hackers-Do-With-Million-Fingerprints   What can be done with a stolen fingerprint?  Is it really only a foreign government coup?  Can the Chinese government splinter groups use this information for other nefarious reasons? { Part of the worry, cy­ber­se­cur­ity ex­perts say, is that fin­ger­prints are part of … Read more

Brian Krebs does a great job reviewing the details at his latest post http://krebsonsecurity.com/2015/09/inside-target-corp-days-after-2013-breach/#more-32276 The analysis of Target’s breach is obvious in the level of insecurity in Target 2012. Default passwords used Passwords of insufficient complexity No segmentation of network. Insufficient patching No pentesting Every point in the PCI (Payment Card Industry) was a failure. … Read more

The latest story from Arstechnica: http://arstechnica.com/tech-policy/2015/08/ftc-can-sue-companies-with-poor-information-security-appeals-court-says/ Builds on the previous post: http://oversitesentry.com/courts-uphold-ftc-regulation-punishment-to-negligent-company/ Higher regulation –> higher lawsuit fees –>  More costs to a breach. Wyndham had ineffective Cybersecurity and FTC ruled was negligent in its IT practices.  But Wyndham thought it could sue the FTC since Wyndham thought FTC was pushing it’s boundaries as far as … Read more

To anyone that pays attention Chinese hackers steal IP (Intellectual Property Theft) http://www.infosecurity-magazine.com/news/chinas-ip-theft-tech-transfer/ We can argue – is it $5trillion? or 3? My point is it does not matter, the Chinese steal what they can they are not picky. There are certain high value targets of course, but if you allow a hacker in your … Read more

The “Spy patches” from Microsoft should be uninstalled from your environment. One reason is the constant network bandwidth to Microsoft servers they generate. Second, they are not a “security” patch, in general any patch that includes more functionality is bad for security.   Winaero Blog post first noticed them in Win7 and Win8  by Sergey … Read more